Security Vulnerability Report lists only npm false positives

Issue #182 resolved
Former user created an issue

After updating to Control Freak 2020.12.10, we found the (now enabled by default) Security Vulnerability report. As much as it was exciting to see this functionality, sadly it only reported false positives for our project. It reported 2 vulnerabilities: CVE-2018-6341 & CVE-2013-7035 for npm:@types/react:16.9.2. Both reported vulnerabilities are false positives because: * They do not affect version 16.9.2 * The version in our project is not even the reported 16.9.2, but instead 16.9.46.

Comments (1)

  1. Julius Davies [bit-booster.com] repo owner

    The "Security Vulnerability" feature of Control-Freak was removed and moved into a separate "Codegreen" plugin.

    Also, we have significantly improved its accuracy in the last 6 months (if you would like to try out the now separate "Codegreen" plugin). It no longer reports those CVE's against npm:@types/react.

  2. Log in to comment